Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Do you have the firewall log line(s) showing the blocked request?
    I never tried VaultPress.

    Thread Starter Michael

    (@mkalina)

    Will collect them and get back to you here!

    It is something like this

    31/Jan/17 16:02:55 #8021272 critical – 192.0.100.91 POST /wp-load.php – BASE64-encoded injection – [POST:query = U0VMRUNUICogRlJPTSBgZW50X3BvX3BsdWdpbnNgIFdIRVJFIGBwb3N0X2lkYCA+ICcxMDMxJyBPUkRFUiBCWSBgcG9zdF9pZGAgTElNSVQgMjQ2IA==] – https://www.example.com

    Plugin Author nintechnet

    (@nintechnet)

    [POST:query = U0VMRUNUICogRlJPTSBgZW50X3BvX3BsdWdpbnNgIFdIRVJFIGBwb3N0X2lkYCA+ICcxMDMxJyBPUkRFUiBCWSBgcG9zdF9pZGAgTElNSVQgMjQ2IA==]

    It is blocked because it is a base64-encoded SQL command and the firewall considers it as a SQLi attempt:
    SELECT * FROM ent_po_plugins WHERE post_id > '1031' ORDER BY post_id LIMIT 246.
    You can use the .htninja file to whitelist automattic.com’s IPs:

    
    <?php
    /*
     +===================================================================+
     | NinjaFirewall optional configuration file                         |
     |                                                                   |
     | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
     +===================================================================+
    */
    
    // Allow automattic.com's 192.0.64.0/18 block (IPv4 **only**):
    if ( ipCIDRCheck( $_SERVER['REMOTE_ADDR'], '192.0.64.0/18' ) ) {
       // IP matches, don't block it:
       return 'ALLOW';
    }
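    // Return true when the IPv4 address $IP falls inside $CIDR (e.g. '192.0.64.0/18').
    function ipCIDRCheck( $IP, $CIDR ) {
       list ( $subnet, $bits ) = explode( '/', $CIDR );
       $ip = ip2long( $IP );
       $subnet = ip2long( $subnet );
       // ip2long() returns false for IPv6 or malformed input: never match those.
       if ( $ip === false || $subnet === false ) {
          return false;
       }
       // Network mask with the top $bits bits set:
       $mask = -1 << ( 32 - (int) $bits );
       $subnet &= $mask;
       return ( $ip & $mask ) == $subnet;
    }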
    
    • This reply was modified 7 years, 9 months ago by nintechnet.
  • The topic ‘Whitelist VaultPress’ is closed to new replies.
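
The triage done by hand in the thread above, as an added example (not part of the thread and not NinjaFirewall code): it parses the posted log line, base64-decodes the flagged parameter, and checks whether the source address is inside the 192.0.64.0/18 range named in the reply. The field layout in `LINE_RE` and the keyword list in `SQL_RE` are assumptions inferred from the single log line on this page.

```python
import base64
import ipaddress
import re

# Log line copied from the thread above.
SAMPLE = (
    "31/Jan/17 16:02:55 #8021272 critical – 192.0.100.91 POST /wp-load.php – "
    "BASE64-encoded injection – [POST:query = U0VMRUNUICogRlJPTSBgZW50X3BvX3BsdWdpbnNg"
    "IFdIRVJFIGBwb3N0X2lkYCA+ICcxMDMxJyBPUkRFUiBCWSBgcG9zdF9pZGAgTElNSVQgMjQ2IA==] – "
    "https://www.example.com"
)

# Range given in the reply for automattic.com (IPv4 only).
ALLOWED_NET = ipaddress.ip_network("192.0.64.0/18")

# Assumed field layout: "#id level – ip METHOD path – rule – [SRC:param = value]".
LINE_RE = re.compile(
    r"#(?P<id>\d+)\s+(?P<level>\w+)\s+[–-]\s+(?P<ip>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<path>\S+)\s+[–-]\s+(?P<rule>.+?)\s+[–-]\s+"
    r"\[(?P<src>[A-Z]+):(?P<param>[^=\s]+)\s*=\s*(?P<value>[^\]]*)\]"
)
# Hypothetical keyword check, only to label the decoded text for the analyst.
SQL_RE = re.compile(r"^\s*(select|insert|update|delete|drop|union)\b", re.I)


def triage(line):
    """Return parsed fields plus decoded payload and allowlist verdict, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        # validate=True rejects characters outside the base64 alphabet.
        raw = base64.b64decode(rec["value"].strip(), validate=True)
        rec["decoded"] = raw.decode("utf-8", errors="replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        rec["decoded"] = None
    try:
        rec["in_allowed_net"] = ipaddress.ip_address(rec["ip"]) in ALLOWED_NET
    except ValueError:
        rec["in_allowed_net"] = False  # unparsable address: treat as outside
    rec["looks_like_sql"] = bool(rec["decoded"] and SQL_RE.search(rec["decoded"]))
    return rec


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A line that decodes to SQL but comes from outside the allowed range is not covered by the `.htninja` rule and stays blocked.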